US10599849B2ActiveUtilityA1

Security module authentication system

82
Assignee: DELL PRODUCTS LPPriority: May 3, 2018Filed: May 3, 2018Granted: Mar 24, 2020
Est. expiryMay 3, 2038(~11.8 yrs left)· nominal 20-yr term from priority
G06F 9/4403G06F 8/654G06F 21/575G06F 9/4401G06F 21/44G06F 21/572
82
PatentIndex Score
4
Cited by
17
References
20
Claims

Abstract

A security module authentication system includes a processing system that is configured to authenticate a security module based on a processing system type of the processing system. The system also includes a Basic Input/Output System (BIOS) coupled to the processing system and that includes a BIOS storage device. The BIOS storage stores a plurality of security modules each of which corresponds to a different processing system type. The BIOS is configured to utilize any of the plurality of security modules to perform a secure boot. The BIOS storage also stores an image table that identifies a first location in the BIOS storage of a first security module of the plurality of security modules. The first security module is authenticable by the processing system based on the processing system type of the processing system.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
       1. A security module authentication system, comprising:
 a chassis; 
 a processing system that is located in the chassis and that is configured to authenticate a security module based on a processing system type of the processing system; and 
 a Basic Input/Output System (BIOS) that is located in the chassis and coupled to the processing system, wherein the BIOS includes a BIOS storage storing:
 a plurality of security modules, wherein each of the plurality of security modules corresponds to a different processing system type, and wherein the BIOS is configured to utilize any of the plurality of security modules to perform a secure boot; and 
 an image table that identifies a first location in the BIOS storage of a first security module of the plurality of security modules, wherein the first security module is authenticable by the processing system based on the processing system type of the processing system. 
 
 
     
     
       2. The system of  claim 1 , wherein the image table identifies a second location in the BIOS storage of a second security module of the plurality of security modules, and wherein the second security module is not authenticable by the processing system based on the processing system type of the processing system. 
     
     
       3. The system of  claim 1 , further comprising:
 a BIOS update engine coupled to the BIOS, wherein the BIOS update engine is configured, during a BIOS updating operation, to:
 store the plurality of security modules in the BIOS storage; and 
 configure a first entry in the image table with the first location of the first security module. 
 
 
     
     
       4. The system of  claim 3 , wherein the processing system is configured to:
 determine, during a booting process, the processing system type of the processing system; 
 locate the first entry in the image table based on the processing system type; and 
 authenticate the first security module identified by the first entry based on the processing system type of the processing system and, in response, cause the first security module to execute. 
 
     
     
       5. The system of  claim 3 , wherein the BIOS update engine is further configured to:
 determine the processing system type of the processing system, wherein the configuring the first entry in the image table with the first location of the first security module includes:
 determining that the first entry in the image table identifies a second location of a second security module of the plurality of security modules, wherein the second security module is not authenticable by the processing system based on the processing system type of the processing system; and 
 update, in response to determining that the first entry in the image table identifies the second location of the second security module, the first entry in the image table to identify the first location of the first security module that is authenticable by the processing system based on the processing system type of the processing system. 
 
 
     
     
       6. The system of  claim 3 , wherein the BIOS update engine is further configured to:
 determine the processing system type of the processing system, wherein the configuring the first entry in the image table with the first location of the first security module includes:
 invalidating a second entry in the image table that identifies a second location of a second security module of the plurality of security modules, wherein the second security module is not authenticable by the processing system based on the processing system type of the processing system. 
 
 
     
     
       7. The system of  claim 6 , wherein the processing system is configured to:
 bypass, during a booting process, the invalidated second entry in the image table; and 
 authenticate the first security module identified by the first entry based on the processing system type of the processing system and, in response, cause the first security module to execute. 
 
     
     
       8. An Information Handling System (IHS), comprising:
 a Basic Input/Output System (BIOS) storage device; 
 a processing system coupled to the BIOS storage device; and 
 a memory system that is coupled to the processing system and that includes instructions that, when executed by the processing system, causes the processing system to provide a BIOS update engine that is configured to:
 provide a BIOS to the BIOS storage device coupled to the processing system; 
 store a plurality of security modules provided by the BIOS in the BIOS storage device, wherein each of the plurality of security modules corresponds to a different processing system type, and wherein the BIOS is configured to utilize any of the plurality of security modules to perform a secure boot; and 
 provide a first entry in an image table provided by the BIOS with a first location in the BIOS storage device of a first security module, wherein the first security module is authenticable by the processing system based on the processing system type of the processing system. 
 
 
     
     
       9. The IHS of  claim 8 , wherein the BIOS update engine is further configured to:
 provide a second entry in the image table that identifies a second location in the BIOS storage device of a second security module of the plurality of security modules, and wherein the second security module is not authenticable by the processing system based on the processing system type of the processing system. 
 
     
     
       10. The IHS of  claim 8 , wherein the processing system is configured to:
 determine, during a booting process, the processing system type of the processing system; 
 locate the first entry in the image table based on the processing system type; and 
 authenticate the first security module identified by the first entry based on the processing system type of the processing system and, in response, cause the first security module to execute. 
 
     
     
       11. The IHS of  claim 8 , wherein the BIOS update engine is further configured to:
 determine the processing system type of the processing system, wherein the providing the first entry in the image table with the first location of the first security module includes:
 determining that the first entry in the image table identifies a second location of a second security module of the plurality of security modules, wherein the second security module is not authenticable by the processing system based on the processing system type of the processing system; and 
 updating, in response to determining that the first entry in the image table identifies the second location of the second security module, the first entry in the image table to identify the first location of the first security module that is authenticable by the processing system based on the processing system type of the processing system. 
 
 
     
     
       12. The IHS of  claim 8 , wherein the BIOS update engine is further configured to:
 determine the processing system type of the processing system, wherein the providing the first entry in the image table with the first location of the first security module includes:
 invalidating a second entry in the image table that identifies a second location of a second security module of the plurality of security modules, wherein the second security module is not authenticable by the processing system based on the processing system type of the processing system. 
 
 
     
     
       13. The IHS of  claim 12 , wherein the processing system is configured to:
 bypass, during a booting process, the invalidated second entry in the image table; and 
 authenticate the first security module identified by the first entry based on the processing system type of the processing system and, in response, cause the first security module to execute. 
 
     
     
       14. The IHS of  claim 13 , wherein each of the processing system types includes security information specific to that processing system type and each security module is authenticable based on the security information. 
     
     
       15. A method for authenticating a security module, comprising:
 storing, by a Basic Input/Output System (BIOS) update engine, a plurality of security modules when providing a BIOS in a BIOS storage device, wherein each of the plurality of security modules corresponds to a different processing system type, and wherein the BIOS is configured to utilize any of the plurality of security modules to perform a secure boot; and 
 configuring, by the BIOS update engine, a first entry in an image table provided by the BIOS with a first location in the BIOS storage device of a first security module, wherein the first security module is authenticable by a processing system based on the processing system type of the processing system. 
 
     
     
       16. The method of  claim 15 , further comprising:
 configuring, by the BIOS update engine, a second entry in the image table that identifies a second location in the BIOS storage device of a second security module of the plurality of security modules, and wherein the second security module is not authenticable by the processing system based on the processing system type of the processing system. 
 
     
     
       17. The method of  claim 15 , further comprising:
 determining, during a booting process by the processing system, the processing system type of the processing system; 
 locating, by the processing system, the first entry in the image table based on the processing system type; and 
 authenticating, by the processing system, the first security module identified by the first entry based on the processing system type of the processing system and, in response, cause the first security module to execute. 
 
     
     
       18. The method of  claim 15 , further comprising:
 determining, by the BIOS update engine, the processing system type of the processing system, wherein the configuring the first entry in the image table with the first location of the first security module includes:
 determining that the first entry in the image table identifies a second location of a second security module of the plurality of security modules, wherein the second security module is not authenticable by the processing system based on the processing system type of the processing system; and 
 updating, in response to determining that the first entry in the image table identifies the second location of the second security module, the first entry in the image table to identify the first location of the first security module that is authenticable by the processing system based on the processing system type of the processing system. 
 
 
     
     
       19. The method of  claim 15 , further comprising:
 determining, by the BIOS update engine, the processing system type of the processing system, wherein the providing the first entry in the image table with the first location of the first security module includes:
 invalidating a second entry in the image table that identifies a second location of a second security module of the plurality of security modules, wherein the second security module is not authenticable by the processing system based on the processing system type of the processing system. 
 
 
     
     
       20. The method of  claim 19 , further comprising:
 bypassing, by the processing system during a booting process, the invalidated second entry in the image table; and 
 authenticating, by the processing system, the first security module identified by the first entry based on the processing system type of the processing system and, in response, cause the first security module to execute.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.